
Zyxel Firewalls Exploited for Ransomware Attacks; 20 Security Flaws Discovered in Advantech Access Points

Aspect: Details

Threat Actors: Helldown ransomware group
Campaign Overview: Active exploitation of vulnerabilities in Zyxel firewalls (CVE-2024-11667) and Advantech wireless devices (CVE-2024-50370 through CVE-2024-50375)
Target Regions (or Victims): Small and medium-sized businesses, especially in the US and Europe
Methodology: Exploited vulnerabilities for ransomware, data exfiltration, remote code execution, and access to sensitive network devices
Products Targeted: Zyxel firewalls, Advantech wireless access point devices
Malware Reference: Helldown ransomware
Tools Used: Rogue beacon frames, JavaScript injection, backdoor installation
Vulnerabilities Exploited: CVE-2024-11667, CVE-2024-50370 through CVE-2024-50375, CVE-2024-50359, CVE-2024-50376
TTPs: Initial Access, Exploitation, Privilege Escalation, Data Exfiltration, Lateral Movement
Attribution: Helldown ransomware group
Recommendations: Apply firmware updates, disable remote access, change admin passwords, monitor for unauthorized access, implement a 3-2-1 backup strategy
Source: SOCRadar

Read full article: https://socradar.io/zyxel-firewalls-exploited-for-ransomware-attacks-20-security-flaws-discovered-in-advantech-access-points/

Disclaimer: The above summary has been generated by an AI language model

Source: SOCRadar

Published on: November 29, 2024
